The executable name is linux can be read in various ways.

1. By reading /proc/[pid]/comm, which contains a string that's truncated after reaching 16 characters or TASK_COMM_LEN.
2. By reading /proc/[pid]/cmdline which contains the command line used with arguments.

There are other ways like reading /proc/[pid]/stat, or /proc/[pid]/status, but they are similar to 1.

The proc(5) man page says:

The filename of the executable, in parentheses. Strings longer than TASK_COMM_LEN (16) characters (including the terminating null byte) are silently truncated. This is visible whether or not the executable is swapped out.

I have 3 processes that I see mismatch and highlight them (on my system right now):

1. PID 7610
2. PID 38193
3. PID 37030

Consider these cases:

1. PID 7610:

• The content of /proc/7610/comm is Web Content
• But the content of /proc/7610/cmdline is /opt/firefox-developer-edition/firefox-bin-contentproc-childID17-isForBrowser-prefsLen7837-prefMapSize238232-parentBuildID20201215185920-appdir/opt/firefox-developer-edition/browser4080truetab

2. PID 38193:

• The content of /proc/38193/comm is zyxwvutsrqponml
• But the content of /proc/38193/cmdline is /ramdisk/abcdefghijklmnopqrstuvwxyz./zyxwvutsrqponmlkjihgfedcba

There's a \u0000 between ramdisk/abcdefghijklmnopqrstuvwxyz and ./zyxwvutsrqponmlkjihgfedcba that I can see programmatically, which I replace with \s.

3. PID 37030

• The content of /proc/37030/comm is kworker/3:1-xfs-reclaim/sda2
• The content of /proc/37030/comm is kworker/3:1-xfs-reclaim/sda2

• In case 1, we see that the cmdline and comm are totally different.
• In case 2, we see that the cmdline shows the whole command, but comm is truncated to 15 characters.
• In case 3, we see that the cmdline and the comm are same, comm isn't truncated as it's supposed to be.

How does the file comm contains "kworker/3:1-xfs-reclaim/sda2" without getting truncated to 15 places (+ \n to be 16)?

How do I know if it's actually truncated or not, like in the case of point 2?

The executable name is linux can be read in various ways.

1. By reading /proc/[pid]/comm, which contains a string that's truncated after reaching 16 characters or TASK_COMM_LEN.
2. By reading /proc/[pid]/cmdline which contains the command line used with arguments.

There are other ways like reading /proc/[pid]/stat, or /proc/[pid]/status, but they are similar to 1.

In case of Point 1, the proc(5) man page says:

The filename of the executable, in parentheses. Strings longer than TASK_COMM_LEN (16) characters (including the terminating null byte) are silently truncated. This is visible whether or not the executable is swapped out.

I have 3 processes that I see mismatch and highlight them (on my system right now):

1. PID 7610
2. PID 38193
3. PID 37030

Consider these cases:

1. PID 7610:

• The content of /proc/7610/comm is Web Content
• But the content of /proc/7610/cmdline is /opt/firefox-developer-edition/firefox-bin-contentproc-childID17-isForBrowser-prefsLen7837-prefMapSize238232-parentBuildID20201215185920-appdir/opt/firefox-developer-edition/browser4080truetab

2. PID 38193:

• The content of /proc/38193/comm is zyxwvutsrqponml
• But the content of /proc/38193/cmdline is /ramdisk/abcdefghijklmnopqrstuvwxyz./zyxwvutsrqponmlkjihgfedcba

There's a \u0000 between ramdisk/abcdefghijklmnopqrstuvwxyz and ./zyxwvutsrqponmlkjihgfedcba that I can see programmatically, which I replace with \s.

3. PID 37030

• The content of /proc/37030/comm is kworker/3:1-xfs-reclaim/sda2
• The content of /proc/37030/cmdline is empty.

• In case 1, we see that the cmdline and comm are totally different.
• In case 2, we see that the cmdline shows the whole command, but comm is truncated to 15 characters.
• In case 3, we see that the cmdline is empty, but comm isn't truncated as it's supposed to be.

How does the file comm contains "kworker/3:1-xfs-reclaim/sda2" without getting truncated to 15 places (+ \n to be 16)?

How do I know if it's actually truncated or not, like in the case of point 2?